Secure Launch Boot Protocol Being Worked On For The Linux Kernel, Advancing TrenchBoot

Up for discussion on the Linux kernel mailing list is adding support for the Secure Launch boot protocol to Linux. This is part of the recent efforts to supporting Linux in "secure" boot environments around Intel Trusted Execution Technology and AMD SKINIT platform security.

Developers from Oracle and other organizations have been working on Secure Launch and the open-source Trenchboot to allow Linux to be booted directly into a secure environment like Intel TXT (Trusted Execution Technology) and AMD SKINIT. Changes to the Linux kernel as well as the (GRUB) boot-loader are required.

The proposed protocol support is outlined via this mailing list thread and actually is quite a small addition.

Trenchboot is the open-source initiative for carrying out various integrity actions on their system building upon boot integrity technologies from the likes of Intel and AMD. Some of the possible use-cases are outlined here.

Also on the open-source boot securing scene there's also been the recent work around Intel TXT support for Coreboot and measured boot support.